Electronic value system

ABSTRACT

An electronic value amount of an electronic bank account and an electronic value amount stored in user identification module UIM in mobile station MS are each stored in an electronic bank server EBS, and updated by the server when either amount changes as a result of transaction.

TECHNICAL FIELD

The present invention relates to an electronic value system forperforming electronic transactions by utilizing electronic values.

BACKGROUND ART

Various systems exist for performing cashless shopping. These systemsutilize so-called electronic money (hereafter referred to as anelectronic value). However, since an electronic value is comprised ofdata, there is a danger that such a value may be improperly used ormanipulated by unauthorized persons posing as claimants or owners. It istherefore necessary to devise an operating system which is able toprovide security for cashless transactions, and to prevent problems ofmisuse and fraud.

However, in providing such a system a drawback is encountered in thattransactions become more complicated and time consuming, and lessefficient.

DISCLOSURE OF INVENTION

The present invention has been made with a view to overcoming theabove-mentioned problems, and has as its object the provision of asecure and efficient electronic value system which utilizes acommunication terminal and a server.

To achieve these aims, the present invention provides an electronicvalue system which comprises of a plurality of communication terminals,acting as an electronic purse, each having a memory for storing anelectronic value and a communication means for performing transmissionand reception of the electronic value to outside nodes. An electronicbank account holding means in a server on a network for accumulatingelectronic values in an electronic bank account assigned to a user. Atransfer means for transferring, via the network, an electronic value toa memory of one of the electronic communication terminals from theelectronic bank account holding means. A transaction log notificationmeans which shows transaction details when a transaction using anelectronic value by the communication terminal is performed. A pursebalance information management means, provided in the network, formemorizing balance information of an electronic value stored in a memoryof the communication terminal; and updating balance information of anelectronic value related to a transaction log upon receiving atransaction log transmitted from a transaction log notification means.

In accordance with the present invention, a purse balance informationmanagement means memorizes balance information of an electronic value inan electronic bank account and the balance information of the electronicvalue stored in a communication terminal functioning as an electronicpurse; and updates balance information of the electronic value in thecommunication terminal when transaction contents change, therebyenabling the detection of any improper transcription of the electronicvalue in a communication terminal.

In the preferred embodiment of the present invention, the plurality ofcommunication terminals in the electronic value system include a firstcommunication terminal and a second communication terminal, each ofwhich performs transmission and reception of an electronic value.Wherein the first communication terminal transmits its ownidentification information and electronic value stored in the memory tothe second communication terminal; and the second communication terminalreceives the identification information of the electronic valuetransmitted from the first communication terminal and transmits its ownidentification information to the first communication terminal; andwherein the transaction log notification means further transmits theelectronic value amount for which transmission and reception areperformed along with identification information of the first and secondcommunication terminal from either the first communication terminal orthe second communication terminal, at least to the purse balanceinformation management means as a transaction log; and the purse balanceinformation management means updates balance information of theelectronic value based on the transmitted transacted log.

In accordance with the system of the present invention, when the firstcommunication terminal and the second communication terminal performtransmission and reception of an electronic value between each other,the balance information of an electronic value stored in thecommunication terminal is updated in a transaction log provided byeither the first communication terminal or the second communicationterminal. In other words, the transmission log can be transmitted byeither one of the communication terminals whereby processing efficiencyis improved.

In the preferred embodiment of the present invention, the firstcommunication terminal and the second communication terminal eachinclude a log accumulation means for accumulating the transaction logrelated to their own transaction, and when either the firstcommunication terminal or the second communication terminal accumulatesthe transaction log equal in volume to a storage capacity by the logaccumulation means, transmission and reception of electronic value tooutside nodes are not performed.

Also, in another preferred embodiment, the first communication terminaland the second communication terminal each comprise a log accumulationmeans for accumulating the transaction log related to their owntransaction, and when either the first communication terminal or thesecond communication terminal accumulates the transaction logs equal involume to a memory capacity by the log accumulation means, thetransaction logs having a date and time prior to that of a current dateand time are erased during a transaction in which a current transactionlog is accumulated.

Further, in another preferred embodiment, the first communicationterminal and the second communication terminal comprise the logaccumulation means accumulating the transaction log related to their owntransaction, the transaction log notification means transmits thetransaction log to the purse balance information management means whenaccumulating the transaction log equal in volume to a storage capacityby the log accumulation means in either the first communication terminalor second communication terminal at least.

In the various embodiments of electronic value system, described above,for example, the communication terminal is a mobile communicationterminal stored in a mobile network, the network is a mobile network,and the first communication terminal and second communication terminalcan communicate by radio. Also, a memory of the communication terminalmay be an IC card installed in the communication terminal. Also, thecommunication terminal may attach a transmission date and time to theelectronic value when transmitting the electronic value. Also, thecommunication terminal may provide a security means for performingelectronic authentication, encryption and decryption by using a key forthe electronic value, and an update means to update the key regularlywhen performing transmission and reception of the electronic value.

Also, the present invention provides an electronic value system forperforming transmission and reception of an electronic value between thefirst communication terminal and the second communication terminal,wherein the first communication terminal includes electronic valuesystem comprising a memory for storing the electronic value,identification information of the issuer who issued the electronicvalue, and a digital signature provided by the issuer to theidentification information, and a transmission means for transmittingthe identification information of the issuer and a digital signaturewith the stored electronic value to the second communication terminal,with the second communication terminal including an electronic valuesystem comprising a receiving means for receiving identificationinformation of the issuer and a digital signature, and a confirmationmeans for confirming validity of the first communication terminal byverifying the received digital signature, and by confirming that theelectronic value transmitted from the first communication terminal isissued by the issuer.

In a related system, when the first communication terminal and thesecond communication terminal perform reception and transmission of anelectronic value between each other, on one hand, the firstcommunication terminal adds identification information and a digitalsignature of the issuer to the electronic value for transmission. On theother hand, a second communication terminal confirms the correctness ofthe received electronic value by verifying identification information ofissuer and digital signature. The correctness of the electronic valuewill be confirmed only between the two communication terminals wherebyimproved security and efficiency for an electronic value can beobtained. Also, when the first communication terminal and the secondcommunication terminal perform reception and transmission of anelectronic value between each other, on one hand, the firstcommunication terminal adds identification information and a digitalsignature of the issuer to the electronic value for transmission. On theother hand, a second communication terminal confirms the correctness ofthe received electronic value by verifying identification information ofissuer and digital signature. The correctness of the electronic valuewill be confirmed only between the two communication terminals wherebyimproved security and efficiency for an electronic value can beobtained.

In the preferred embodiment, the second communication terminal comprisesa memory for storing the electronic value, identification information ofthe issuer who issued the electronic value, and a digital signaturetransmitted by the issuer for the identification information, and atransmission means for transmitting identification information of theissuer stored previously and a digital signature to the firstcommunication terminal further, and the first communication terminalcomprises an obtaining means for obtaining a digital signature providedby the issuer to identification information of the issuer in a memory ofthe second communication terminal, and the identification informationbefore transmitting the electronic value to the second communicationterminal, and a confirmation means for confirming authenticity of thesecond communication terminal by verifying the obtained digitalsignature, and by confirming that the electronic value in memory of thesecond communication terminal is issued by the issuer.

Also, in the electronic value system, the first communication terminaland the second communication terminal include a log accumulation meansfor accumulating the transaction log related to their own transaction,and either the first communication terminal or the second communicationterminal transmits the accumulated transaction log to outside nodesmanaging balance information of electronic value which the first or thesecond communication terminal memorizes when accumulating thetransaction log equal in volume to a storage capacity by the logaccumulation means.

Also, the first communication terminal and the second communicationterminal may perform transmission and reception of the electronic valueby radio. Either of the first communication terminal or the secondcommunication terminal may be a mobile communication terminal providedin a mobile network. In addition, the second communication terminal maybe installed in a vending machine. Also, the communication terminals mayattach a transmission date and time to the electronic value whentransmitting the electronic value. Further, the communication terminalmay include a security means for performing a process of electroniccertification, encryption and decryption by using a key for theelectronic value; and an update means for regularly updating the keywhen performing transmission and reception of the electronic value.

Also, the present invention provides a communication terminal providinga memory for storing an electronic value which is electronic moneyinformation and its own identification information therefor, acommunication means for performing transmission and reception of theelectronic value between outside nodes, an identification informationexchange means for providing its own identification information storedin the memory to the outside nodes, and to obtain identificationinformation of the outside nodes from the outside nodes, and a logaccumulation means, as a transaction log, for accumulating theelectronic value amount whose transmission and reception are performedbetween the outside nodes, the identification information, andidentification information of the outside nodes.

In the preferred embodiment, a communication terminal does not performtransmission and reception of the electronic value between the outsidenodes when it accumulates a transaction log equal in volume to a storagecapacity of the memory accumulation means.

In this case, when a communication terminal accumulates the transactionlog equal in volume to a storage capacity of the log accumulation means,the accumulated transaction log with an older transmission date and timemay be erased in transmission and reception of the electronic valueafter accumulating the transaction log. Also, a communication terminalmay transmit the accumulated transaction log to an outside device forconfirming authenticity for transmission and reception of the electronicvalue by using the transaction log before erasing the accumulatedtransaction log.

In the preferred embodiment, a communication terminal includes asecurity means for performing a process of electronic authentication,encryption and decryption by using a key for the electronic value; andan update means for updating regularly the key when performingtransmission and reception of the electronic value. Also, in anotherpreferred embodiment, when a communication terminal transmits theelectronic value to the outside nodes, the communication terminalattaches the transmission date and time to the electronic value.Further, in another preferred embodiment, the communication meansperforms transmission and reception of the electronic value betweenoutside nodes by radio. The communication terminal is a mobilecommunication terminal stored in a mobile network, and the memory is anIC card installed in the communication terminal.

Also, the present invention provides a communication terminal includinga memory for storing an electronic value which is electronic moneyinformation; identification information of an issuer of the electronicvalue, and a digital signature provided by the issuer to theidentification information; a communication means for performingtransmission and reception of the electronic value between outsidenodes; an attachment means for attaching identification information ofthe issuer and the digital signature to electronic value transmitted tothe outside nodes by the communication means, and a confirmation meansfor confirming authenticity of the electronic value by verifyingidentification information of the issuer to be attached to theelectronic value received from the outside nodes by the communicationmeans, and the digital signature.

In the preferred embodiment, the communication terminal includes asecurity means for performing a process of electronic authentication,encryption and decryption of the electronic value by using a key; and anupdate means for regularly updating the key when performing transmissionand reception of the electronic value.

When a communication terminal transmits the electronic value to theoutside nodes, a communication terminal may attach a transmission dateand time to the electronic value. The communication means may performtransmission and reception of the electronic value between the outsidenodes by radio. The communication terminal is, for example, a mobilecommunication terminal stored in a mobile network, and the memory is anIC card installed in the communication terminal.

Also, the present invention is a server for memorizing electronic valuewhich is electronic money information, and provides a transfer means fortransferring electronic value accumulated by the electronic bank accountholding means via the network to an electronic bank account holdingmeans for accumulating the electronic value into an electronic bankaccount assigned to user, a memory for storing the electronic value anda communication terminal holding a communication means for performingtransmission and reception of the electronic value between the outsidenodes; and a purse balance information management means for memorizingbalance information of electronic value stored in a memory of thecommunication terminal; and a log obtaining means for obtaining atransaction log showing details of a transaction by using the electronicvalue in the communication terminal via the network from thecommunication terminal; and a purse balance information update means forupdating balance information of the electronic value memorized by thepurse balance information memory means on a basis of the obtainedtransaction log.

In the preferred embodiment, the server comprises an electronicauthentication means for giving an electronic authentication by a keywhich the server memorizes for the transmitted electronic valueinformation.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating the configuration of the overallsystem according to the embodiment of the present invention.

FIG. 2 is a block diagram illustrating the configuration of anelectronic bank server according to the embodiment of the presentinvention.

FIG. 3 is a diagram explaining memory content of the database in anelectronic bank server according to the embodiment of the presentinvention.

FIG. 4 is a diagram explaining a memory content of the database in anelectronic bank server according to the embodiment of the presentinvention.

FIG. 5 is a diagram explaining memory content of the database in anelectronic bank server according to the embodiment of the presentinvention.

FIG. 6 is a block diagram illustrating the configuration of a mobilestation according to the embodiment of the present invention.

FIG. 7 is a diagram explaining memory content of UIM according to theembodiment of the present invention.

FIG. 8 is a diagram explaining memory content of UIM according to theembodiment of the present invention.

FIG. 9 is a diagram explaining memory content of UIM according to theembodiment of the present invention.

FIG. 10 is a block diagram explaining memory content of a prepaid cardaccording to the embodiment of the present invention.

FIG. 11 is a block diagram explaining memory content of a prepaid cardaccording to the embodiment of the present invention.

FIG. 12 is a block diagram explaining the operation of opening anelectronic bank account.

FIG. 13 is a sequence diagram illustrating the operation of the overallsystem according to the embodiment of the present invention.

FIG. 14 is a sequence diagram illustrating the operation of the overallsystem according to the embodiment of the present invention.

FIG. 15 is a sequence diagram illustrating the operation of the overallsystem according to the embodiment of the present invention.

FIG. 16 is a sequence diagram illustrating the operation of the overallsystem according to the embodiment of the present invention.

FIG. 17 is a sequence diagram illustrating the operation of the overallsystem according to the embodiment of the present invention.

FIG. 18 is a sequence diagram illustrating the operation of the overallsystem according to the embodiment of the present invention.

FIG. 19 is a block diagram illustrating the configuration of the overallsystem according to the embodiment of the present invention in anapplication example.

BEST MODE FOR CARRYING OUT THE INVENTION

Embodiments of the present invention will be described with reference tothe drawings.

In this embodiment, an electronic bank account for each user at anelectronic bank provided on a network is opened, and a mobile stationwhich each user owns is used as an electronic purse. A function ofelectronic authentication, encryption and decryption based on RSA publickey encryption system of PKI base (Public Key Infrastructure) should beactivated in an exchange for this electronic value.

A: Configuration

At first, the configurations of this embodiment will be described.

FIG. 1 is a block diagram illustrating the configuration of the overallsystem according to the embodiment of the present invention. As shown inthis figure, this system is configured by mobile station MS, mobilenetwork MN, prepaid card PC, electronic bank server EBS, banking systemBS, internet INET, registration authority server RA, certificateauthority server CA, and directory server DS.

Prepaid card PC is a non-contact IC card for storing electronic valueInformation. This prepaid card PC comprises a function for transmittingstored electronic value information to the outside nodes by radio, andfunctions as an electronic purse for a user. In this embodiment, forexample, infrared rays like IrDA (Infrared Data Association) and thelike are used.

Mobile station MS is, for example, a cellular telephone, and performssound communication and data communication via mobile network MN. Thismobile station MS installs an IC card memorizing electronic valueinformation, and performing input and output with regard to electronicvalue. This IC card will be referred to as UIM (User Identity Module) 1hereafter. A user can operate this mobile station MS as an electronicpurse by attaching this UIM1 to mobile station MS.

Concretely, the mobile station MS reads out electronic value informationin UIM1, and actualizes various transactions by exchanging thisinformation with outside nodes. There are two forms of exchange for thiselectronic value;

1. Performing transmission and reception of electronic value informationto an electronic bank server or other mobile stations via mobilenetwork,

2. Performing transmission and reception of electronic value informationtransmitted from prepaid card PC by infrared rays.

The mobile network MN comprises a mobile base station MBS and anexchange station not shown here, and provides sound communicationservice and data communication service to the mobile station MS. Thismobile network MN is connected to internet INET via gateway device notshown here.

An electronic bank server EBS is connected to a mobile network MN and abank system BS installed in a bank (not shown here) by a private line. Avirtual bank account (hereafter referred to as Electronic Bank Account)assigned to each user is opened in this electronic bank server EBS. Theelectronic bank server EBS memorizes electronic value information, suchas an electronic bank account number to specify electronic bank accountand balance information of electronic value in the electronic bankaccount, and performs a process for depositing, withdrawing andtransferring electronic value and the like in the electronic bankaccount in response to a request from mobile station MS.

Also, the electronic bank server EBS memorizes an electronic bankaccount, and the balance information of electronic value in anelectronic purse, such as a mobile station MS and a prepaid card PC; andupdates balance information by notifying the electronic bank server EBSfrom the electronic purses. Accordingly, an electronic bank server EBScan detect incorrect transcriptions by comparing the balance informationwhich the electronic bank server EBS memorizes in case the electronicvalue is transcribed incorrectly on the electronic purse, such as amobile station MS and a prepaid card PC.

The Certificate authority server CA is a well-known server which issuesan electronic authentication of standard X509-based on RSA public keyencryption system, and is connected to the Internet INET. Concretely,the certificate authority server CA generates a public key certificatewhen a digital signature is given to guarantee correctness for a privatekey of each node in response to an issuing request of a public keycertificate transmitted from each node on a network. As this digitalsignature is performed by a private signature key which the certificateauthority server CA owns, each node which obtains a public keycertificate decrypts this public key certificate by using the public keyof the certificate authority server CA. As each node encrypts the databy a public key of the certificate authority server CA, and transmits itto the certificate authority server CA, the certificate authority serverCA memorizes a private decryption key to decrypt this encrypted message.

The Directory server DS is a well-known server storing a public keycertificate generated by the certificate authority server CA and CRL(Certificate Revocation List) for the public key certificate, andconnected to the Internet INET. The directory server DS functions tosearch among public key certificates stored in the directory server DS apublic key certificate requested by any of each nodes, and to distributethe same.

In this embodiment, a public key for mobile station MS and electronicbank server EBS receive an issue of public key certificate from thecertificate authority server CA. Accordingly, a node which should be acommunication partner for the mobile station MS and an electronic bankserver EBS can confirm whether a third party pretends to be acommunication partner or not by obtaining a public key certificate fromthe directory server DS, and verifying the digital signature.

The Registration authority server RA is a server provided on theInternet INET, and accepts an application of opening an electronic bankaccount by a user, and performs a process with regard to the opening ofan electronic bank account by cooperating with the electronic bankserver EBS, the certificate authority server CA and the directory serverDS.

The registration authority server RA memorizes a private signature keyand an encryption certificate for CA. A private signature key is a keywhich gives a digital signature to data which the registration authorityserver RA should transmit to outside nodes and this key prevents a thirdparty from pretending to be the registration authority server RA. Also,an encryption certificate for CA is a certificate for a public key toencrypt data which should be transmitted to the certificate authorityserver CA. An encrypted message of an encryption certificate for CA isdecrypted by a private decryption key which the certificate authorityserver CA owns. This key prevents a third party from intercepting thedata and transmitting to the certificate authority server CA.

(2) Configuration of Electronic Bank Server EBS

Next, the electronic bank server EBS will be described with reference tothe block diagram shown in FIG. 2.

As shown in FIG. 2, the electronic bank server EBS is configured by thecommunication unit 11, the control unit 12, the database 13, and bus 14which connects these mutually.

The communication unit 11 comprises a connection interface with InternetINET (not shown here) and a communication control circuit (not shownhere). This communication unit 31 performs data communication with thecertificate authority server CA and the directory server DS via a mobilenetwork MN and the internet INET, and with a mobile station MS via amobile network MN.

The Control unit 12 is configured by the CPU (Central Process Unit) notshown here, ROM (Read Only Memory), RAM (Random Access Memory), andcontrols the overall electronic bank server EBS.

As shown in FIG. 3, a private signature key, a private decryption key, aCA signature verification certificate, and an electronic valueinformation are memorized in Database 13.

A private signature key is a private key which gives a digital signatureto data which is to be transmitted to the outside nodes from theelectronic bank server EBS. A public key corresponding to this privatesignature key is registered in the directory server DS after acertificate is issued by the certificate authority server CA.

A private decryption key is a private key to decrypt an encryptedmessage received from an electronic bank server EBS. A public keycorresponding to this private key is registered in the directory serverDS after a certificate is issued by the certificate authority server CA.

A CA signature verification certificate is a certificate for a publickey to verify a digital signature which the certificate authority serverCA gives to various certificates with a private key. As this CAsignature verification certificate is registered in the directory serverDS, the electronic bank server EBS can obtain this certificate byaccessing the directory server DS.

The Electronic value management information is information which manageselectronic value information stored in a mobile station MS, andelectronic value information stored in a prepaid card PC.

FIG. 4 is a diagram explaining the electronic value managementinformation to manage electronic value information stored in UIM1 in themobile station MS. As shown in this figure, the electronic valuemanagement information comprises electronic bank ID, electronic bankaccount number, electronic value amount in an electronic bank account,the electronic value amount in UIM, a time stamp at update of electronicvalue amount, current value amount in electronic bank account, currentvalue amount in UIM, a time stamp at update of current electronic valueamount, and electronic value update history.

The Electronic bank ID is identification information for an electronicbank server EBS which issued the electronic value.

The Electronic bank account number is the identification information tospecify each electronic bank account.

The Electronic value amount in an electronic bank account is the balanceinformation of the electronic value in an electronic bank account when amobile station MS accesses an electronic bank server EBS at transactionend.

The Electronic value amount in UIM is the balance information of theelectronic value in UIM1when the mobile station MS accesses theelectronic bank server EBS at transaction end.

A time stamp at the update of electronic value is information forshowing date and time when the electronic value amount in UIM isupdated, and issued by the electronic bank server EBS. An incorrectretransmission of electronic value will be discovered by using this timestamp as described later.

The current electronic value amount is the current balance informationof electronic value in an electronic bank account.

The current electronic value in UIM is the balance information ofelectronic value which should be reflected on UIM1. As described later,when an exchange of electronic value is performed between the mobilestations MS without an electronic bank server EBS, a transaction log isnotified to the electronic bank server EBS from either one of mobilestations MS after exchanging electronic value. When this notification ismade, the electronic value amount which should be stored in both mobilestations MS is calculated. The Electronic value amount which should bereflected on UIM1 in the mobile station MS which does not communicatewith the electronic bank server EBS corresponds to current electronicvalue amount in this UIM.

A time stamp at the update of current electronic value amount proves thedate and time which the current electronic value amount in an electronicbank account and the current electronic value amount in UIM are updated.An incorrect retransmission of electronic value will be discovered byusing this time stamp described later.

The Electronic value update history is an updated history of anelectronic value amount in UIM at the point the mobile station MS lastaccesses the electronic bank server EBS.

Next, the electronic value management information to manage electronicvalue information stored in a prepaid card PC will be described withreference to FIG. 5. The different points of electronic valueinformation between FIG. 4 and FIG. 5 are that prepaid card PC is theobject as an electronic purse instead of UIM1, and the prepaid card IDis used instead of an electronic bank account number. Thus, theelectronic value management information of UIM1 and a prepaid card PC inan electronic bank server EBS is different. The UIM1 corresponds to afixed, one-to-one electronic bank account and a prepaid card on thecontrary is transferable, and therefore manages an electronic value byusing prepaid card IDs, and not by a prepaid card PC corresponding to anelectronic bank account.

(3) Configuration of Mobile Station MS

Next, the configuration of mobile station MS will be described withreference to FIG. 6.

As shown in this figure, the mobile station MS is configured by radiocommunication unit 2, control unit 3, user interface 4, UIM1, infraredcommunication unit 5; and bus 6. Bus 6 connects these mutually.

Radio communication unit 2 comprising an antenna (not shown here) and acommunication control circuit, performs radio communication with themobile base station MBS in the mobile network MN. Also, the infraredcommunication unit 5 performs infrared communication with the prepaidcard PC.

The control unit 3 is configured by CPU, ROM and RAM (not shown here),and controls overall the mobile station MS. The mobile station MS has afunction which performs sound communication and data communication; andprocesses electronic value. A user can change these functions dependingon the purpose. The control unit 3 controls each part of the mobilestation MS. With regard to the electronic value process, control unit 3performs a process of electronic authentication, through encryption anddecryption, which also involves generating and verifying a time stampand managing a private key and a public key certificate.

User interface 4 comprises a crystal panel to display variousinformation, a keypad for a user to perform an input operation, and amicrophone and a speaker for a user to make a call.

With reference to FIG. 7, the data to be memorized in UIM1 will bedescribed. As shown in this figure, a private signature key, a privatedecryption key, an EB signature verification certificate, an encryptioncertificate for EB, a CA signature verification certificate, a user ID,and an electronic value information are memorized in UIM1.

The Private signature key is a private key which provides a digitalsignature to data which the mobile station MS transmits to outsidenodes. By providing the digital signature to the data transmitted to theoutside nodes, a third party is prevented from posing to be a user ofthe mobile station MS

The Private decryption key is a private key which decrypts an encryptedmessage received by the mobile station MS. Thus, preventing a thirdparty from intercepting a message at the time when the encrypted messageis transmitted to the mobile station MS.

The EB signature verification certificate is a certificate for a publickey to verify a digital signature which is signed by the electronic bankserver EBS. Since the electronic bank server EBS provides the digitalsignature to the data for the mobile station MS, a third party isprevented from posing to be the electronic bank server EBS.

The Encryption certificate for EB is a certificate for a public key toencrypt data transmitted to the electronic bank server EBS. That is tosay, intercepting by a third party is prevented as the data to betransmitted to the electronic bank server EBS is encrypted.

The CA signature verification certificate is a certificate for a publickey to verify a digital signature which the certificate authority serverCA gives to various certificates. Thus, reliability of a certificateissued by certificate authority server CA is guaranteed.

The User ID is identification information which specifies a user of themobile station MS.

Next, as shown in FIG. 8, the electronic value information comprises anelectronic bank ID; an electronic purse type; an electronic bank accountnumber, an electronic bank signature SGN1, an electronic value amount inthe electronic bank account, an electronic value amount in the UIM; atime stamp at update of the electronic value amount, an electronic banksignature SGN2, the current electronic value amount; and an electronicvalue update history.

The Electronic bank ID is described above.

The Electronic purse type is information which shows whether anelectronic purse for storing electronic value information is UIM1 or aprepaid card PC.

The Electronic bank account number is described above.

The Electronic bank signature SGN1 is a digital signature given by theelectronic bank server EBS to guarantee that the electronic bank ID, theelectronic purse type, and the electronic bank account number describedabove are not manipulated.

The Electronic value amount in the electronic bank account is thebalance information of the electronic value in the electronic bankaccount when the mobile station MS accesses electronic bank server EBSat transaction end.

The Electronic value amount in the UIM is the balance information of theelectronic value in the UIM1 when the mobile station MS accesseselectronic bank server EBS at transaction end.

A time stamp at the update of the electronic value amount shows the dateand time of the update of the electronic value amount in the UIM, andthis is issued by electronic bank server EBS.

The Electronic bank signature SGN2 is a digital signature given by theelectronic bank server EBS to guarantee that the electronic bank ID, theelectronic purse type, the electronic bank account number, theelectronic value amount in the electronic bank account, the electronicvalue amount in the UIM, and a time stamp at update of electronic valueamount described above are not manipulated.

The Current electronic value amount is the balance information of theelectronic value which the UIM1 memorizes at the time of the currenttransaction.

The Electronic value update history is an updated history of theelectronic value in the UIM from the point when mobile station MS lastaccesses electronic bank server EBS.

FIG. 9 is a diagram showing the detailed contents of the electronicvalue update history.

As shown in this figure, the electronic value update history comprisesthe recipient electronic bank account number, the payer electronic bankaccount number, the payer prepaid card ID, the transacted value amount,and the digital signature of a transaction partner.

A recipient electronic bank account number is an electronic bank accountnumber of a user who receives electronic value in transaction. A payerelectronic bank account number is an electronic bank account number ofthe user who pays electronic value in transaction.

Also, when a user of electronic money is a prepaid card PC, a payerprepaid card ID is registered as an updated history.

A Transacted value amount is the electronic value amount to betransacted; and a digital signature of a transaction partner is adigital signature which the mobile station MS gives to guarantee thatthe recipient electronic bank account number, the payer electronic bankaccount number, the payer prepaid card ID, and the transacted valueamount are not manipulated.

The Mobile station MS transmits electronic value update history, asdescribed above, to the electronic bank server EBS after transactions.

(3) Configuration of Prepaid Card PC

Next, the data to be stored in a prepaid card PC will be described. FIG.10 is a diagram which shows the data that is to be stored in a prepaidcard PC. As shown in this figure, the EB signature verificationcertificate, the encryption certificate for EB, the CA signatureverification certificate, and the electronic value information arememorized in a prepaid card PC. The EB signature verificationcertificate, the encryption certificate for EB, and the CA signatureverification certificate are common information which the UIM1memorizes, so the explanations will be omitted.

Also, a private signature key and a private decryption key are memorizedin the UIM1, but not in a prepaid card PC. Unlike the mobile station MS,a user who owns a prepaid card PC is officially authorized as the properowner. Because a prepaid card is transferable, a digital signature toprevent a third party from pretending to be the owner is not required tobe performed, or the data for electronic value information transmittedto the prepaid card PC is not required to be transmitted as an encryptedone.

Next, the electronic value information in a prepaid card PC will bedescribed with reference to FIG. 11. As shown in this figure, theelectronic value information comprises the electronic bank ID, theelectronic purse type, the prepaid card ID, the electronic banksignature SGN3, the electronic value amount in a prepaid card, a timestamp at update of electronic value amount, the electronic banksignature SGN4, the current electronic value amount and the electronicvalue update history.

The electronic value information in the prepaid card is different fromthe one in the UIM1 as follows;

-   the electronic value in the prepaid card PC is used as the object    instead of the electronic value in UIM1; and-   the electronic value amount in an electronic bank account is not    memorized in this prepaid card.    That is to say, a prepaid card PC does not correspond to the    electronic bank account of a user in a fixed way as it is    transferable among users. Accordingly, a prepaid card PC does not    memorize an electronic value amount in the electronic bank account.

Also, the electronic value update history shown in FIG. 11 is commoninformation to electronic value update history in UIM1 shown in FIG. 9except that the electronic value information is recorded in the prepaidcard and not in the UIM, so explanation thereof will be omitted.

B: Operation

Next, the operation of the embodiment comprising the aboveconfigurations will be described.

(1) Opening of a electronic bank account, (2) Continuation of theelectronic bank account, (3) Deposit and withdrawal of an electronicvalue, (4) Exchange between electronic purses, and (5) Transfer of theelectronic value will be described as below.

(1) Opening of Electronic Bank Account

FIG. 12 is a sequence diagram showing an operation of the overall systemwhen an electronic bank account is opened.

At first, a user goes to the registration authority (not shown here)where the registration authority server RA is installed, and notifiesnecessary information to open an electronic bank account, such as aname, address, password and telephone number for the mobile station MS,and bank account number for the bank account which deposits electronicvalue to an operator. The operator inputs such information into theregistration authority server RA.

The Registration authority server RA transmits the input information tothe electronic bank server EBS, and requests the electronic bank serverEBS to open an electronic bank account. (Step SZ1)

The Electronic bank server EBS inquires of the bank system BS whether auser has a bank account or the ability to pay, and opens a temporaryelectronic bank account when the above things are confirmed. (Step SZ2)At this moment, an electronic bank account number is issued, and theexpiry date is set for the electronic bank account.

Next, the electronic bank server EBS transmits the electronic bankaccount number and expiry date for an electronic bank account to theregistration authority server RA. (Step SZ3)

When the registration authority server RA receives the electronic bankaccount number and the expiry date for the electronic bank account, apair key (That is to say, a pair of a private key and a public key)corresponding to a user is generated accordingly. This pair key consistsof 2 types; a pair key for digital signature and verification of datawhich should be transmitted to the electronic bank server EBS from themobile station MS and; a pair key for encryption and decryption of datawhich should be transmitted to the mobile station MS from the electronicbank server EBS. The expiry date for this pair key is the same as theone for the electronic bank account numbers.

The registration authority server RA transmits a public key to verify adigital signature, and a public key to encrypt a digital signature amonggenerated pair keys with electronic bank account numbers to thecertification authority server CA, and requests the certificationauthority server CA to issue public key certificates with regard tothese pair keys. (Step SZ4)

Accordingly, the certification authority server CA issues public keycertificates for digital signature verification and encryption, andregisters these certificates with the directory server DS by correlatingwith the electronic bank account numbers. (Step SZ5)

On the other hand, the electronic bank server EBS accesses the Directoryserver DS, and confirms that public key certificates for digitalsignature verification and encryption are registered by searching, as aclue, an electronic bank account. (Step SZ6) At this moment, acommunication which security is guaranteed between electronic bankserver EBS and mobile station MS is prepared to carry out.

And, the electronic bank server EBS specifies an electronic bank accountnumber, and notifies the registration authority server RA that theelectronic bank account shown by the above specified number is opened.(Step SZ7)

Accordingly, the registration authority server RA accesses directoryserver DS, and obtains the EB signature verification certificate, theencryption certificate for EB, and the CA signature verificationcertificate stored beforehand. (Step SZ8)

And, the registration authority server RA writes a private signaturekey, a private decryption key, the EB signature verificationcertificate, the encryption certificate for EB, the CA signatureverification certificate, the electronic bank ID, and the electronicbank account number in the UIM1 via the ROM writer (not shown here). Auser receives data written by the UIM1, and attaches this to the mobilestation MS. And, the process is completed. (Step SZ9)

(2) Continuation of the Electronic Bank Account

A user can perform a continuous use of the electronic bank accountopened as described above by paying the account management chargeregularly. A payment method for this account management charge is asfollows:

(A1) The Electronic bank withdraws electronic value corresponding to theaccount management charge from the electronic bank account of a user.

(B1) The Electronic bank withdraws money corresponding to the accountmanagement charge from an actual bank account of a user.

(C1) The Electronic bank appropriates a part of the money collected froma user as repurchase price for UIM1, as an account management charge.

(D1) The Electronic bank appropriates a part of the money collected froma user as an installation cost of a new key for the UIM1, as accountmanagement charge.

(E1) A part of the cost of issuing a public key certificate of a pairkey regenerated in the UIM1 by the electronic bank is appropriated asaccount management charge.

As described above, the key for the UIM1 is updated regularly. Thereason is that setting the expiry date to a key and updating theinformation regularly are general rules which provide security to asystem which uses a key based on a public key encryption algorism.

This concrete method is as follows:

(A2) A user repurchases the UIM1 where a new key is installed.

(B2) The Registration authority server RA rewrites data for a new keyinto the UIM1.

(C2) A user transmits a new key to the UIM1 in the mobile station MSfrom the Registration authority server RA.

(D2) A user regenerates a new key in the UIM1, and requests theregistration authority server RA to issue a public key certificate.

An example of updating the UIM1 will be described with reference to thesequence shown in FIG. 13. The example given below describes, the twopayment methods which can be selected as an option. In the first option,the electronic value corresponding to the account management charge iswithdrawn and paid into the electronic bank server EBS (described aboveA1); and in the second option a private key among the pair keys whichthe certificate authority server CA generates is transmitted to themobile station MS. (described above C2)

And, the withdrawal date and amount of money for the account managementcharge is notified beforehand by the Electronic bank server EBS to theuser who requests the continuation of the use of the electronic bankaccount. When the date for withdrawal comes, the electronic bank serverEBS withdraws the electronic value from the electronic bank account of auser as account management charge for the next period. (Step S1)

Next, the electronic bank server EBS encrypts an electronic bank accountnumber of a user to which a digital signature is given, and notifies theencrypted account number to the certificate authority server CA, andrequests the CA to reissue a pair key, for a permission to transmit aprivate key for users, and to issue a public key certificate. (Step S2)

On the other hand, the certificate authority server CA decrypts andverifies the digital signature, and generates a pair key, and issues apublic key certificate for the generated pair key after confirming thatthe above requests come from the proper electronic bank server EBS. Thepublic key certificate issued is then registered with the directoryserver DS. (Step S3)

When the electronic bank server EBS accesses the directory server DS,and confirms that a new certificate has been issued (Step S4), theelectronic bank server EBS notifies the mobile station MS of a user whoperforms continuous use, that the account management charge is receivedand a preparation to transmit a private key is ready to be carried out.(Step S5)

When the mobile station MS receives a notification from the electronicbank server EBS, that a private key is ready to be transmitted, themobile station MS requests the certificate authority server CA totransmit a new private key in response to the operation by a user afterthis notification has been displayed. (Step S6)

The Certificate authority server CA encrypts a new private key with anold encryption public key of a user (valid at present), and transmitsthis key which has a digital signature, to the mobile station MS whenreceiving a request to transmit a new private key from the mobilestation MS. (Step S7)

The Mobile station MS verifies the digital signature given to the newprivate key transmitted from the certificate authority server CA, andconfirms that this signature is transmitted from the proper certificateauthority server CA. Also, the MS decrypts the private key transmittedfrom the certificate authority server CA by using a valid privatedecryption key at present. (Step S8)

Next, the mobile station MS substitutes the old private key in the UIM1with the new one. (Step S9) Then, the mobile station MS transmits, tothe certificate authority server CA, this message signed with the newprivate signature key, showing that substitution has been successfullycarried out. (Step S10)

The certificate authority server CA in return, registers a public keyfor an old private key with a CRL in the directory server DS afterreceiving a message that the substitution has been successfully carriedout. (Step S11)

Therefore, it is impossible to use a public key for an old private key.

(3) Deposit and Withdrawal of Electronic Value

Next, the operation of deposit and withdrawal of electronic value to aprepaid card PC will be described with reference to the sequence shownin FIG. 14 and FIG. 15 where 100 yen of electronic value amount iswithdrawn from a deposit of 1,000 yen in an electronic bank account andappropriated to the UIM1.

At first, the user operates a keypad for the mobile station MS, havingselected to use either the electronic value in a prepaid card PC or theone in the UIM1 installed in the mobile station MS, and inputs theelectronic value amount to be withdrawn from the electronic bank accountor the one to be deposited into the electronic bank account. The UIM1 isselected as an electronic purse, and the withdrawn 100 yen is input bythe user in this case. The mobile station MS accepts the key operationdescribed above. (Step Sa1)

Next, after the mobile station MS encrypts the information input carriedout in Step Sa1 and the electronic value information in UIM1 with theencryption certificate for the EB stored in the UIM1, the mobile stationMS gives a digital signature to the above information with a privatesignature key, to which a time stamp is given and transmits it to theelectronic bank server EBS as a request signal. (Step Sa2)

The electronic bank server EBS obtains a public key certificate forverification of the digital signature from the directory server DS byreferring to the electronic bank account number included in the receivedelectronic value information. and verifies the correctness of thedigital signature in the mobile station MS by using this certificatewhen receiving the above information. (Step Sa3)

Next, the electronic bank server EBS decrypts an encrypted messagereceived in Step Sa2 by using a private decryption key which theelectronic bank server EBS memorizes, and confirms the time stamp. (StepSa4)

To avoid receiving from the same user more than twice a request signalwhich has the same stamp, the stamp confirmation process is used.

In this way, improper retransmission of a request signal is prevented bythis process.

Next, the electronic bank server EBS confirms the designated amount ofmoney for withdrawal and deposit, and calculates the electronic valueamount in the UIM and the electronic value amount in the electronic bankaccount after a withdrawal or a deposit. (Step Sa5) The electronic valueamount in the UIM is 100 yen after the withdrawal, the electronic valueamount in the electronic bank account is 900 yen in this case.

Next, the electronic bank server EBS obtains a public key certificatefor encryption from the directory server DS by using the electronic bankaccount number as a clue. (Step Sa6)

And, the electronic bank server EBS encrypts the calculated amount inStep Sa5, the electronic bank account number, the user name, and atransaction type showing the withdrawal and deposit, and the transactedvalue amount with a public key certificate obtained from the directoryserver DS. (Step Sa7)

Further, the electronic bank server EBS gives a digital signature to theabove encrypted message with a private signature key which theelectronic bank server EBS memorizes, and transmits this encryptedmessage to which a time stamp is given to the mobile station MS. (StepSa8)

The mobile station MS confirms verification of the digital signature,encryption of the encrypted message, and a time stamp for the receiveddata. (Step Sa9)

The mobile station MS displays the electronic value amount in the UIMand the electronic value amount in the electronic bank account after thewithdrawal and deposit. (Step Sa10) In this case, the electronic valueamount in the UIM is 100 yen, and the electronic value amount in theelectronic bank account is 900 yen. The user checks this amountcarefully, and performs a key operation to decide OK or NG whether therequest is the same as the one of the user or not.

When the OK key operation is performed, the mobile station MS updatesthe electronic value information memorized in the UIM1. (Step Sa11)

That is to say, the mobile station MS updates the electronic valueamount in the electronic bank shown in FIG. 8 from 1,000 yen to 900 yenand the electronic value amount in the UIM1 shown in FIG. 8 from 0 yento 100 yen, and stores the received time stamp as a time stamp at updateof the electronic value amount and a digital signature as an electronicbank signature SGN2.

And, the mobile station MS generates a message that the OK key operationis performed, and performs a process of encryption with the encryptioncertificate for the EB, of a digital signature with a private signaturekey, and gives a time stamp for this message which is the same as StepSa2, and transmits it to electronic bank server EBS. (Step Sa12)

Next, the electronic bank server EBS obtains a digital signatureverification certificate from the directory server DS as in Step Sa3,and verifies the correctness of the digital signature by using thiscertificate when receiving the above message as described in FIG. 15(Step Sa13).

Further, the electronic bank server EBS decrypts an encrypted message byusing a private decryption key as in Step Sa4, and confirms the timestamp. (Step Sa14)

As a result, the electronic bank server EBS updates the electronic valuemanagement information shown in FIG. 4 when confirming an OK message.(Step Sa15)

The electronic value amount in the electronic bank account is updatedfrom 1,000 yen to 900 yen, the electronic value amount in the UIM isupdated from 0 yen to 100 yen, the current electronic value amount inthe electronic bank account is updated from 1,000 yen to 900 yen, andthe current electronic value amount in the UIM is updated from 0 yen to100 yen. A time stamp is issued at this moment and this time stamp isstored in the electronic bank server EBS as the time stamp at update ofelectronic value amount and a time stamp at update of current electronicvalue amount.

The electronic bank server EBS transmits a message to the mobile stationMS that the transaction has been completed (Step Sa16); and in return,the mobile station MS displays the above received message (Step Sa17),and the process is completed.

In the above case, when a key operation in Step Sa10 is NG, mobilestation MS does not update electronic value information in UIM1. And, aNG message is generated in Step Sa12, and it is transmitted toelectronic bank server EBS.

Also, the electronic bank server EBS completes a process withoutupdating the electronic value information in Step Sa13 when receiving anNG message. But, the electronic bank server EBS stores a log about theabove process with a digital signature of the mobile station MS to dealwith claims, which an OK message has been input to confirm the resultand so forth, from a user of the mobile station MS.

For example, when the above transaction cannot be completed for reasonssuch as the electronic bank server EBS not receiving a message from themobile station MS as in Step Sa12, the electronic bank server EBSgenerates a non-completion message of a transaction not performed, andencrypts this message and the electronic value amount in the UIM1 towhich a digital signature and time stamp are given before thetransaction, and transmits this message and value amount to the mobilestation MS.

On the other hand, the mobile station MS displays this message whenreceiving a non-completion message from the electronic bank server EBS,and the mobile station MS will substitute the electronic value amount inthe UIM with the one in the UIM transmitted with non-completion messagebefore transaction.

Also, for example, when the mobile station MS cannot receive either thecompletion or the non-completion message for reasons such as a prolongedcommunication interception, the mobile station MS displays a message oftransaction not completed on display. A user operates the mobile stationMS to perform a communicative connection to the electronic bank serverEBS after restoration of the communication interception, and obtains anupdated electronic value information, and updates the electronic valueinformation of a user.

In the above example, the electronic value in the UIM1 of the mobilestation MS was described. A prepaid card PC only has to go through thesame process as described above via the mobile station MS by an infraredcommunication means when the electronic value in the prepaid card PC isdeposited in the electronic bank account.

(4) Exchange Between Electronic Purses

The Mobile station MS can exchange electronic value by a localcommunication means which the electronic bank server EBS does notmediate like an infrared communication means.

With reference to the sequence shown in FIG. 16 and FIG. 17, the case inwhich the electronic value of 100 yen is paid from the mobile stationMS1 of user A, and the mobile station MS2 of user B receives this 100yen value will be described below.

At first, the mobile station MS1 transmits by infrared communication, arequest signal to mobile station MS2 of user B for information on theelectronic bank ID in the electronic value information of user B, theelectronic purse type, the electronic bank account number, and the EBsignature SGN1. (Step Sb1)

The mobile station MS2 of user B reads out electronic value informationrequested from its own UIM1, and transmits this information to mobilestation MS1 by infrared communication on receiving this request signal.(Step Sb2)

The mobile station MS1 verifies EB signature SGN1 in the receivedelectronic value information, and confirms that the user B is the properowner of the electronic value which the electronic bank server EBSissues. (Step Sb3) If the EB signature SGN1 is not confirmed, theprocess is stopped.

If confirmation is given, user A performs a key operation to requestpayment after inputting the electronic value amount of 100 yen to bepaid to user B, and electronic purse type information (hereafterreferred to as UIM1). The key operation is then accepted by mobilestation MS1. (Step Sb4)

Next, the mobile station MS1 organizes an electronic bank account ofuser B, the electronic bank number of user A, and the transacted valueamount (in this case, the electronic value amount 100 yen paid from themobile station MS1 to mobile station MS2) as information set, and givesa digital signature of user A to this information set, and transmits itto mobile station MS2 as electronic value information which user A pays.In this case, the mobile station MS1 transmits the electronic bank ID,the electronic purse type, the electronic bank account of user A, andthe EB signature SGN1 in the electronic value information which themobile station MS1 memorizes. (Step Sb5)

The Mobile station MS2 verifies the EB signature SGN1 given to thereceived information set, and confirms that user A is the true owner ofthe electronic value which the electronic bank server EBS issues. (StepSb6) If it is not confirmed that user A is the true owner, thetransaction of the process is stopped.

Further, the mobile station MS2 verifies the digital signature of user Agiven to the received information set. (Step Sb7) This prevents a thirdparty from posing as user A of the mobile station MS1.

Next, the mobile station MS2 displays the electronic value informationwhich user A pays except for a digital signature information of user A.(Step Sb8) That is to say, the electronic bank account number of user B,the electronic bank account number of user A, and the transacted valueamount of 100 yen are displayed.

User B refers to this display, and inputs an OK message into the mobilestation MS2 if user B decides that there are not any problems.

On the other hand, if user B encounters problems, user B inputs an NGmessage into the mobile station MS2. The mobile station MS2 notifiesthis message to mobile station MS1, and the process will be stopped.

Next, the mobile station MS2 adds the electronic value amount of 100 yencorresponding to the transacted value amount to the UIM currentelectronic value amount in the electronic value information memorized inits own UIM 1, and adds to electronic value update history, an updatehistory based on the electronic value information paid by user A whichis received from the mobile station MS1 (Step Sb9)

Next, the mobile station MS2 gives a digital signature of user B to theelectronic bank account number of user B, electronic bank account numberof user A, and the transacted value amount of 100 yen except for adigital signature of user A in the electronic value information whichuser A pays, and transmits the information to the mobile station MS1 asthe information which user B received. (Step Sb10)

The mobile station MS1 receives the electronic value information whichuser B received, and verifies the digital signature of user B which istransmitted along with the information. (Step Sb11)

Next, the mobile station MS1 deducts the electronic value information100 yen corresponding to the transacted value amount from the currentelectronic value amount in the UIM, and adds an updated history to theelectronic update history, updates the electronic history based on theelectronic value information received by user B. (Step Sb12)

At this moment, the local electronic value exchange between mobilestation MS1 and mobile station MS2 will be completed.

Next, the sequence shown in FIG. 17 is performed when the mobile stationMS2 of user B needs to communicate with the electronic bank server EBSafter completing the process shown in FIG. 16.

At first, the mobile station MS2 reads out the updated electronic value(update) history from its own UIM1, transmits this history to theelectronic bank server EBS, and requests the electronic bank server EBSto confirm the correctness of the transaction. (Step Sc1)

On the other hand, the electronic bank server EBS refers to theelectronic value update history received from mobile station MS2, andverifies a transaction partner digital signature, which is the digitalsignature of user A in this case, in this electronic value updatehistory. The electronic bank server EBS changes the electronic valueinformation described below if no problems are found through thisverification. (Step Sc2)

That is to say, with regard to the electronic value managementinformation corresponding to user B who receives the electronic value,the electronic bank server EBS performs an updating process to add 100yen to the electronic value amount in the UIM, to update the time stampat update of the electronic value amount, to add 100 yen to the currentelectronic value amount in the UIM, and to update a time stamp at theupdate of the current electronic value amount.

Also, with regard to the electronic value management informationcorresponding to user A who pays the electronic value, the electronicbank server EBS reduces the current electronic value amount in the UIMby 100 yen, and performs a process to update the time stamp at update ofthe current electronic value amount.

And, if there are some problems in the verification result of thetransaction partner digital signature, the electronic bank server EBSgenerates a message that updating has not been processed due toproblems, and notifies the manager of the electronic bank server EBS.

The electronic bank server EBS transmits the electronic valueinformation which should be updated based on the electronic valuemanagement information updated in Step Sc2 to mobile station MS2. (StepSc3) Electronic value information transmitted in this case is theelectronic value amount in the UIM, with a time stamp at update of theelectronic value amount, and the electronic bank signature SGN2.

If there are some problems in the verification result of the transactionpartner digital signature, a message that updating has not beenprocessed due to problems will be transmitted with the above informationto mobile station MS2.

The mobile station MS2 updates the electronic value information in itsown UIM1 in response to electronic value information received from theelectronic bank server EBS. (Step Sc4)

And, the electronic value information of mobile station MS1 is confirmedby the electronic bank server EBS when the mobile station MS1communicates with the electronic bank server EBS with regard to theprocess which will take place as in mobile station MS2.

That is to say, the electronic bank server EBS compares the currentelectronic value amount in the UIM with the electronic value amount inthe UIM in the electronic value management information corresponding touser A when the electronic bank server EBS is accessed from the mobilestation MS1. If both amounts are different, the electronic valueinformation will be updated. The contents of update in this case are:matching the electronic value amount in the UIM with the currentelectronic value amount in the UIM, and updating the time stamp atupdate of the electronic value amount.

The electronic bank server EBS transmits electronic value informationwhich should be updated, to the mobile station MS1 by matching the aboveupdated information. That is to say, the electronic bank server EBStransmits the electronic value amount in the UIM, a time stamp at updateof the electronic value amount, and the electronic bank signature SGN2.

The mobile station MS1 verifies the electronic bank signature SGN2 inthe information received from the electronic bank server EBS, andupdates the electronic value information in the UIM1 if no problems arefound. (Step Sb20)

It follows that the transaction is guaranteed by the electronic bankserver EBS, and the process will be completed.

An exchange between the electronic purses is only completed effectivelywhen the electronic value update history arrives at the electronic bankserver EBS from both purses of a transactor.

Also, process can be completed when an electronic purse update historyis notified to either one of the electronic purses. In this case, whenan updated history of paid electronic value is notified to theelectronic bank server EBS, it can be considered that the process iscompleted.

In the above example, the UIM1 in the mobile station MS was described asa payer's an electronic purse, electronic value in prepaid card PC isalso possible to use. In this case, the prepaid card PC only has to gothrough the same process as the above mentioned via the mobile stationMS by infrared communication.

(5) Transfer of Electronic Value

The electronic value can be transferred to someone else as a form“transfer from your purse or your electronic bank account to theelectronic bank account of someone else”

The transfer of electronic value will be described with reference to thesequence shown in FIG. 18.

At first, the user operates the mobile station MS, and selects awithdrawal means to transfer the electronic value. (hereafter referredto as a transfer means) Concretely, either one of the prepaid card PC,the UIM1 in the mobile station MS, or the electronic bank account of auser is selected. It is assumed that the UIM1 is selected in this case.Next, the user inputs an electronic bank account number for a transferpoint (hereafter referred to as electronic bank account number for atransfer point) and the amount to be transferred. (hereafter referred toas transfer money), Mobile station MS accepts the above operations.(Step Sd1)

Next, the mobile station MS gives a time stamp to the information whichis input by the user, encrypts this information with a public encryptionkey for the electronic bank server EBS, and transmits the data to whicha digital signature is given by using a private signature key to theelectronic bank server EBS as a request signal to request a transfer.(Step Sd2)

When a user selects a prepaid card PC as a transfer means in Step Sd1,the mobile station MS performs communication through infrared means withthe prepaid PC, and obtains electronic value information in the prepaidcard PC, and transmits this information to the electronic bank serverEBS.

On the other hand, the electronic bank server EBS verifies the digitalsignature on the received data, and decrypts the encrypted message, andconfirms the correctness of the electronic value information by checkinga time stamp. (Step Sd3)

Next, the electronic bank server EBS confirms:

-   1, existence of the electronic bank account to which the electronic    value is transferred;-   2, availability of the electronic bank account which is appointed to    transfer the electronic value; and-   3, the balance of the electronic value in a transfer means which    transfers the electronic value is larger than the amount of the    electronic value amount to be transferred. (Step Sd4)

When a prepaid card PC is selected as a transfer means, the electronicbank server EBS verifies the electronic bank signature SGN4, andconfirms whether a transfer is possible or not after confirming that theelectronic value information is not transcribed falsely.

Next, the electronic bank server EBS calculates the electronic valueamount of a transfer means (UIM1 in this case) after transferring. And,the electronic bank server EBS gives a time stamp to the electronic bankID, the electronic bank account number of a transfer point, the username of the electronic bank account for a transfer point, the amount oftransferred money, the electronic bank account number of a user of thetransfer means, and the electronic value amount of a transfer means(UIM1) before or after transferring, and encrypts with a publicencryption key obtained from the directory server DS, and gives adigital signature with a private signature key which the electronic bankserver EBS memorizes, and transmits to the mobile station MS. (Step Sd5)

The mobile station MS confirms that there is no incorrectness byverifying the digital signature, decrypting an encrypted message, andconfirming a time stamp of the received data. (Step Sd6)

Next, the mobile station MS displays the received data. When a userchecks this data after reading, and performs a key operation showing OKor NG, the mobile station MS accepts this operation by the user. (StepSd7)

When a key operation showing OK is performed, the mobile station MSupdates the electronic value information memorized by the UIM1 selectedas a transfer means, the electronic value information which should beupdated in this case is the electronic value amount in the UIM, a timestamp at update of electronic value amount, the electronic banksignature SGN2, and the current electronic value amount. The informationin the electronic purse is not updated when an electronic bank accountis selected as a transfer means.

Also, a key operation for showing NG is performed, and the electronicvalue in the electronic purse is not updated.

Next, the mobile station MS generates a message showing whether a keyoperation is OK or NG, and gives a time stamp to this message, encryptswith a public encryption key for the electronic bank, and gives adigital signature with a private signature key, and transmits to theelectronic bank server EBS. (Step Sd8)

The electronic bank server EBS calculates the electronic value in theelectronic bank account for a transfer point, gives a digital signatureof the electronic bank server EBS to this electronic value, and storesit as electronic value management information corresponding to theelectronic bank account of a transfer point when receiving an Okmessage. (Step Sd9)

When an electronic bank account is selected as a transfer means, theelectronic bank server EBS calculates the electronic value in theelectronic bank account of a transfer means, and stores this value towhich a digital signature of the electronic bank server EBS is given aselectronic value management information.

The electronic bank server EBS transmits a message showing the processis completed to the mobile station MS. (Step Sd10) The mobile station MSdisplays this message, and notifies the completion of the process to theuser.

Also, the electronic bank server EBS completes a process withoutupdating the electronic value information when receiving an NG message.But, the electronic bank server EBS stores a log about the above processwith a digital signature of the mobile station MS to deal with claims,which an OK message has been input to confirm the result and so forth,from a user of the mobile station MS.

Also, for example, when the above transaction cannot be completed forreasons such as the electronic bank server EBS not receiving a messagefrom the mobile station MS in Step Sd8, the electronic bank server EBSencrypts a non-completion message that the transaction is not performedand the electronic value amount in the UIM before the transaction, andtransmits this encrypted message and the encrypted value amount to whicha digital signature and a time stamp are given, to the mobile station MSas performed in Step Sa8.

On the other hand, the mobile station MS displays this message whenreceiving a non-completion message from the electronic bank server EBS,and the electronic value amount in the UIM is substituted with the onein the UIM before the transaction transmitted with a non-completionmessage.

Also, for example, when the mobile station MS cannot receive both themessages (completion and non-completion message) for reasons such as aprolonged communication interception, the mobile station MS displays amessage which says transaction is not completed. A user operates themobile station MS to perform a communicative connection to theelectronic bank server EBS after the restoration of communicationinterception and obtains an updated electronic value information, andupdates the electronic value information of a user.

In the above example, the electronic value in the UIM1 of the mobilestation MS was described. When an electronic value in a prepaid card PCis transferred, the prepaid card PC has only to go through the sameprocess via the mobile station MS by infrared communication as describedabove.

C: Application Examples

Next, the application examples of the embodiment will be described.

For example, an item can be sold through cashless transaction byinstalling a function of an electronic purse corresponding to a UIM1 ina mobile station MS into a vending machine or POS (Point of Sale), andperforming an exchange of electronic value between electronic purses bylocal communication network between mobile station MS (or prepaid cardPC) of a user (of vending machine) and the vending machine.

With regard to a vending machine, the correctness is confirmed byverifying the electronic bank signature SGN1 when the electronic valueis exchanged with a mobile station MS, so confirming the correctness ofthe electronic value to the electronic bank server EBS is not neededeach time. Accordingly, advantage is that a user can purchase an itemimmediately, without the vending machine dealer having to pay thecommunication cost to a server.

Also, an item can be sold by cashless transactions between mobilestation MS of a user and a vending machine without installing a functionof an electronic purse in the mobile station MS. In this case, theelectronic bank signature SGN1 is verified when the electronic value isexchanged with the mobile station MS as well.

FIG. 19 illustrates the above example. A vending machine VM isconnected, by wire or radio, to a vending machine server VS connected toa mobile network.

The vending machine VM has a function to perform infrared communicationwith a mobile station MS, to give a digital signature to the data to betransmitted to the mobile station MS, and to verify the electronic banksignature SGN1 transmitted from the mobile station MS.

The mobile station MS1 of a user receives an electronic bank accountnumber of a vending machine dealer by using infrared communication withthe vending machine VM.

A user inputs the amount of electronic value money to be paid to avending machine VM and the electronic purse type into the mobile stationMS, and operates the mobile station MS to show the payment request. Themobile station MS accepts this operation.

The mobile station MS organizes the electronic bank account number of avending machine dealer, the electronic bank account number of a user,and the electronic value amount to be paid as information set, andtransmits this information set to which a digital signature of a user isgiven to a mobile vending machine VM as electronic value informationpaid by a user by infrared communication. Also, the electronic bankserver ID, the electronic purse type, the electronic bank accountnumber, and the information set of the electronic bank signature SGN1among the electronic value information stored in an electronic purse ofa user are also transmitted to the vending machine VM.

The vending machine VM verifies the electronic bank signature SGN1, andconfirms whether a user is the owner of the electronic value issued by aproper electronic bank server EBS. If it fails to verify the digitalsignature, a transaction to a user will be stopped, and a log of thereceived information will be taken that there is an improper access.

When the above verification of a digital signature is successful, thevending machine VM confirms that the money information corresponding tothe electronic value amount is more than that of the amount of money foran item. If the amount of money is short, the vending machine VM stopsthe transaction from the mobile station MS, and returns a messageshowing the money is short to the mobile station MS.

The vending machine VM takes a log as an electronic value update historywhich is an electronic bank account number of a vending machine dealer,and electronic bank account number of a user, the electronic valueamount to be paid, and a digital signature of a user after confirmingthe above money information.

And, the vending machine VM generates a message that the amount of moneyfor the item is received, and transmits this message with a digitalsignature to the mobile station MS. A payment for an item to the vendingmachine VM is completed at this moment, and it enables a user to push anitem button to get the item.

And, the mobile station MS updates the electronic value information inthe UIM1 based on a message received from vending machine VM.Concretely, deduct amount of money for the item from a currentelectronic value, and add an electronic bank account number of a vendingmachine dealer, electronic bank account number of a user, electronicvalue amount to be paid, and a digital signature of a vending machine VMto the electronic value update history.

The accumulated log in vending machine VM is collected regularly byvending machine server VS, and transmitted to electronic bank serverEBS.

Electronic bank server EBS verifies a digital signature of a payer toelectronic value update history received from vending machine server VS,and changes the below management information on the electronic valueupdate history.

That is to say, with regard to electronic value management informationof electronic bank account of a vending machine VM dealer, electronicbank server EBS adds an electronic value amount in an electronic bankaccount, and updates a time stamp at update of electronic value amountin electronic bank account. With regard to electronic value managementinformation of electronic bank account and electronic purse of a user,current electronic value amount in UIM1 is deducted, and a time stamp atupdate of electronic value amount is updated.

When a user pays by prepaid card PC, a current electronic value amountin a prepaid card is deducted, and a time stamp upon update of theelectronic value amount is updated.

Also, when electronic bank server EBS fails to perform electronicauthentication of a user, a message showing an update of electronicvalue information is not completed is generated, and transmitted to amanager of electronic bank server EBS.

Electronic bank server EBS updates electronic value managementinformation of electronic bank account of a vending machine VM dealer.That is to say, electronic bank server EBS adds electronic value amountin an electronic bank account to electronic value managementinformation, updates a time stamp at update of electronic value amount,and transmits such information to vending machine server VS.

Also, when electronic bank server EBS fails to perform electronicauthentication, the message described above is transmitted to vendingmachine server VS as well.

Vending machine server VS notifies a message received from electronicbank server EBS to a manager of vending machine server VS by displayingit. If a manager received a message showing failing to performelectronic authentication, a manager may take a legal action and thelike if this transaction is recognized to be fraudulent after analyzingthis message carefully.

Electronic value information in an electronic purse of a user is updatedin the same way already described above like an exchange betweenelectronic purses when a user accesses electronic bank server EBS later,and the process is completed.

When an electronic value update history received from a user is lost bysystem trouble of vending machine VM or vending machine server VS, theconformity to current electronic value is guaranteed in the same wayalready described above like when an electronic value update history islost in an exchange between electronic purses.

According to the above embodiment, it can be detected that an electronicvalue in an electronic purse is transcribed in an improper way aselectronic bank server EBS manages both electronic value of anelectronic purse and an electronic bank account.

Also, when an exchange of electronic value is performed betweenelectronic purses in a local way, properness of a digital signature of auser performing a transaction is confirmed only between electronicpurses by verifying electronic bank signature EBS, not inquiringelectronic bank server EBS every time. Accordingly, network traffic willnot increase.

Also, electronic bank server EBS updates electronic value managementinformation which electronic bank server EBS manages by a notificationfrom either one of electronic purses, so the efficiency will improve.

Also, a time stamp is given to electronic bank server EBS intransaction, so an improper retransmission will be prevented.

D: Transformation Examples

As will be apparent from the following descriptions, a variety ofmodifications are possible with respect to the present invention, andthe invention is not to be taken as being limited to the embodimentsdescribed.

(1) A Form of Mobile Station MS

Mobile station MS only has to be a portable terminal which has a radiocommunication function, so it can be a personal computer which performsdata communication by connecting to a portable telephone or PDA(Personal Digital Assistance) and so on.

(2) A Communication Configuration of mobile Station, Prepaid Card,Vending Machine.

In the embodiment, mobile station MS, prepaid card PC, vending machineVS perform radio communication each other by using infrared rays, andwire communication is also possible.

For example, mobile station 50 usually comprises a 16-core connectorwhich performs input and output of a serial signal, and prepaid card PCand vending machine VS may also perform data communication by connectingto cable mutually if the same connector is installed in both.

(3) An Installation Configuration of Each Server

In the previous embodiment, electronic bank server EBS was installed onmobile network MN, and registration authority server RA, certificateauthority server CA, and directory server DS were installed on internetINET. But, each server can be installed on any network.

(4) Generation of a Key Pair

In the embodiment, registration authority server RA generates a key pairof a user, and transcribes it in UIM1, but it is not limited to thismethod.

For example, it can be generated in a production factory of UIM1, andtranscribed in advance, or it can be performed by a key pair generatingfunction installed in UIM1. Also, registration authority server RA mayrequest an authority like certification authority server CA to generatea key pair, and transmit the key pair.

(5) Storage Capacity of UIM1 or Prepaid Card PC

As described above, an electronic purse such as UIM1 and prepaid card PCabout storage capacity has some cases:

For example, all of the electronic value update history may not bestored because of shortage of storage capacity, or a fault may occur ina memory device of electronic value update history because of systemtrouble. In these cases, electronic value update history may be lost. Apart of electronic value update information may be lost by a malicioususer as a case like only electronic value update history which a userpaid is deleted.

By the way, in the embodiment, when electronic value update history ofeither a payer or a recipient is transmitted to electronic bank serverEBS, both (a payer and a recipient) of the proper electronic valueamount are updated.

However, both of the (a payer and a recipient) electronic value updatehistory are lost, electronic bank server EBS cannot understand anexchange of electronic value. In this case, to assume that a transactionis not performed from the beginning, current electronic value amount inUIM in each electronic purse is obliged to conform to electronic valueamount of an electronic purse which electronic bank server EBS managesat the moment when each electronic purse accesses electronic bank serverEBS after transaction. That is to say, electronic value information ofan electronic purse is conformed to the electronic value information ofan electronic bank. If a means to guarantee conformity is comprised asdescribed above, mobile station MS can delete electronic value updatehistory from the older date one in transaction by using electronic valueafter that when detecting to accumulate electronic value update historycorresponding in volume to storage capacity of an electronic purse.

Also, mobile station MS may be obliged to transmit the electronic valueupdate history to electronic bank server EBS when searching toaccumulate the electronic value update history corresponding in volumeto a storage capacity of an electronic purse. The electronic valueinformation of the electronic purse will be the same as the one of anelectronic bank by the above. Also, mobile station MS may not perform atransaction using an electronic value after searching to accumulate anelectronic value update history corresponding to storage capacity of anelectronic purse. In this case, mobile station MS performs a process todisplay this transaction message on display; and notify it to a user.

(6) A Communication Means Between Mobile Station MS and Prepaid Card

A local communication means between mobile station MS and prepaid cardPC is not only limited to infrared communication described above, forexample, Bluetooth communication (registered trademark), can also beused. Of course, a local communication means between mobile station MSand vending machine VM can be performed by any other radio communicationmeans, not only by infrared communication.

1. An electronic value system for performing transmission and receptionof an electronic value which comprises electronic money informationbetween a first communication terminal and a second communicationterminal, said first communication terminal comprising: a first memoryfor storing an electronic value, identification information of an issuerof said electronic value, and a digital signature provided by saidissuer to said identification information; and a first transmissionmeans for transmitting said identification information and said digitalsignature together with said electronic value to said secondcommunication terminal; a first receiving means for receiving from saidsecond communication terminal identification information of an issuerand a digital signature before transmitting said electronic value tosaid second communication terminal; and a first confirmation means forconfirming authenticity of said second communication terminal bychecking said digital signature received from said second communicationterminal to determine that said electronic value has been issued by saidissuer, said second communication terminal comprising: a second memoryfor storing an electronic value, identification information of an issuerof said electronic value, and a digital signature provided by saidissuer to said identification information; a second transmission meansfor transmitting said identification information and said digitalsignature that are stored in said second memory to said firstcommunication terminal; a second receiving means for receivingidentification information of an issuer and a digital signature fromsaid first communication terminal; and a confirmation means forconfirming that said electronic value has been issued by the issuer. 2.An electronic value system according to claim 1, wherein said firstcommunication terminal and said second communication terminal comprise alog accumulation means for accumulating a transaction log related totheir own transaction; and wherein at least either said firstcommunication terminal or said second communication terminal transmits atransaction log accumulated at said log to a node that manages balanceinformation of said electronic value, which information said first orsaid second communication terminal memorizes, when said accumulatedtransaction log is equal in volume to a storage capacity of said logaccumulation means.
 3. An electronic value system according to claim 1,wherein said first communication terminal and said second communicationterminal perform transmission and reception of electronic value byradio.
 4. An electronic value system according to claim 1, wherein atleast either said first communication terminal or said secondcommunication terminal is a mobile communication terminal in a mobilenetwork.
 5. An electronic value system according to claim 1, whereinsaid second communication terminal is installed in a vending machine. 6.An electronic value system according to claim 1, wherein the firstcommunication terminal attaches a transmission date and time to saidelectronic value when transmitting said value.
 7. An electronic valuesystem according to claim 1, wherein said first communication terminalcomprises a security means for performing electronic authentication,encryption and decryption by using a key for said electronic value, andan update means for updating said key regularly when performingtransmission and reception of said electronic value.